From 33e4961c95c4981c40bc8d63dd79812bd3ec5cdb Mon Sep 17 00:00:00 2001
From: Sauyon Lee
Date: Tue, 12 May 2020 04:53:18 -0700
Subject: [PATCH] ReflectedXss: Add an equality test guard
---
 ql/src/semmle/go/security/ReflectedXssCustomizations.qll | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/ql/src/semmle/go/security/ReflectedXssCustomizations.qll b/ql/src/semmle/go/security/ReflectedXssCustomizations.qll
index 826feb4a326..65c660f2112 100644
--- a/ql/src/semmle/go/security/ReflectedXssCustomizations.qll
+++ b/ql/src/semmle/go/security/ReflectedXssCustomizations.qll
@@ -103,4 +103,13 @@ module ReflectedXss {
 )
 }
 }
+
+ /**
+ * A check against a constant value, considered a barrier for reflected XSS.
+ */
+ class EqualityTestGuard extends SanitizerGuard, DataFlow::EqualityTestNode {
+ override predicate checks(Expr e, boolean outcome) {
+ e = this.getAnOperand().asExpr() and this.eq(outcome, _, _)
+ }
+ }
 }
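Review bot: The `checks` predicate of `EqualityTestGuard` accepts any equality test, although its doc comment describes "a check against a constant value": nothing in `e = this.getAnOperand().asExpr() and this.eq(outcome, _, _)` requires the other operand to be constant. As written, a comparison between two request-derived values would treat both operands as sanitized on the equal branch, so the query could miss real reflected-XSS flows. Consider adding a conjunct such as `this.getAnOperand().isConst() and` so the barrier applies only when one side is a compile-time constant. The diffstat shows only this file changed, so a test case covering a non-constant comparison would also be worth adding. The enclosing `ReflectedXss` module begins outside the hunk.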